Ozempic Maker Novo Nordisk Confirms Security Incident After $25M Hacker Demand

2026-06-17 · Source: TechRepublic · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Fundamental Awareness, short

Summary

Novo Nordisk, the Danish pharmaceutical company known for Ozempic and Wegovy, has confirmed unauthorized access to a limited number of its internal IT systems following a \$25 million demand from the hacking group FulcrumSec. FulcrumSec claims to have spent over two months inside Novo Nordisk's networks, stealing 1.3TB of data, including proprietary information on released and unreleased drugs, clinical trial data, employee and patient details, source code, processing facility information, and internal AI model data, specifically 30 trained AI models, 70 datasets, and 494 gigabytes of cell painting microscopy images. While Novo Nordisk stated the clinical trial patient data was pseudonymized and core business operations remain functional, the incident highlights significant security risks for healthcare and pharmaceutical companies, particularly concerning intellectual property, AI assets, and research integrity.

Key takeaway

For AI Security Engineers or Directors of AI/ML managing high-value research, this incident underscores the critical need to fortify your organization's intellectual property defenses. You must treat developer credentials, AI models, and research platforms as primary security targets, not secondary systems. Implement robust access controls, continuous monitoring for long dwell times, and stringent credential management to protect proprietary drug research and AI assets from sophisticated threat actors.

Key insights

Healthcare and pharma companies face escalating threats to high-value intellectual property, including clinical trial data and AI models.

Principles

• Long dwell times indicate detection and access control failures.
• Pseudonymization mitigates direct patient privacy risks.
• Developer credentials are critical attack vectors.

In practice

• Prioritize identity and credential management for developers.
• Enhance monitoring in sensitive research environments.
• Secure AI assets and research platforms rigorously.

Topics

• Cybersecurity Incident
• Pharmaceutical Security
• AI Model Security
• Clinical Trial Data
• Data Breach
• Ransomware Demand
• FulcrumSec

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, Director of AI/ML

Related on AIssential

• The $12.6 Million "Patient Zero": Healthcare’s Identity Crisis — Healthcare cybersecurity in 2026 faces an existential threat from costly breaches and AI-generated synthetic identities.
• Snyk Opens San Francisco Innovation Hub — AI security must be integrated from day one, not bolted on later, especially as the AI stack matures.
• After data breach, $10B-valued startup Mercor is having a month — A supply chain attack via a popular open-source tool led to a major data breach impacting a high-value AI startup.
• Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck — Multiple cybersecurity incidents and privacy concerns highlight pervasive digital vulnerabilities and data exploitation across consumer and government sectors.
• Productivity is the new data breach (Ep. 301) — Employees' use of LLMs for productivity creates an unprecedented, self-inflicted corporate espionage threat.
• The Rise of the Machine Identity: Securing the AI Workforce and AI Agents — AI agents introduce exponential security risks due to their scale, autonomy, and ephemeral nature, demanding new defense strategies.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by TechRepublic.